| 1 |
Ryan Curtin wrote: |
| 2 |
> Instead of using iptables, you may want to try DenyHosts |
| 3 |
> (app-admin/denyhosts). It's a simple Python script that parses through |
| 4 |
> /var/log/secure (or whatever your sshd logs to) and finds IPs who have |
| 5 |
> failed authentication a certain number of times, then adds those IPs to |
| 6 |
> /etc/hosts.deny. Naturally, the threshold for blocking a host can be |
| 7 |
> configured, and many other options can too. It's worked great for me, |
| 8 |
> and I've used it for about half a year now. |
| 9 |
> |
| 10 |
> The website for the DenyHosts project is: |
| 11 |
> http://denyhosts.sourceforge.net/ |
| 12 |
> |
| 13 |
> I hope that I read your question right and that this will help. |
| 14 |
> |
| 15 |
> Ryan Curtin |
| 16 |
> ryan@××××××××××××.com |
| 17 |
> |
| 18 |
> |
| 19 |
> |
| 20 |
|
| 21 |
Thanks, Ryan, but I really want to stick with the tar pit solution. I |
| 22 |
had already solved the real problem when I asked for help here. I want |
| 23 |
to play with the tar pit module for..let's say "academic purposes" ;-) |
| 24 |
|
| 25 |
Unfortunately I had no luck. Clean kernel, the latest patch-o-matic, the |
| 26 |
latest iptables and the same result. Obviously gentoo-sources is |
| 27 |
incompatible with tar pit module. ;-( |
| 28 |
|
| 29 |
I'm attaching here a file called "tarpit.txt" containing the commands I |
| 30 |
issued and the relevant output from them in hope that someone could show |
| 31 |
a mistake I'm repeating. |
| 32 |
|
| 33 |
-- |
| 34 |
Best regards, |
| 35 |
Daniel |
Archives